Форум АСУ в Україні

форум з автоматизації для викладачів, студентів та спеціалістів
Сьогодні: 20 вересня 2019, 12:47

Часовий пояс UTC + 2 годин [ DST ]




Створити нову тему Відповісти  [ 1 повідомлення ] 
Автор Повідомлення
 Тема повідомлення: Quantifying Cyber Security Risk
ПовідомленняДодано: 22 серпня 2014, 21:20 
Офлайн
Викладач

З нами з: 29 листопада 2013, 17:11
Повідомлення: 4990
Quantifying Cyber Security Risk
Part 1: Basic risk analysis techniques can help you understand the cyber threats to industrial control systems and SCADA systems overseeing electric utility distribution. This step will help as you begin planning a defensive strategy.
http://e-ditionsbyfry.com/Olive/ODE/CTL ... w=document
Цитата:
August 19, 2006: Brown’s Ferry Nuclear Power Station experiences excessive process control network traffic resulting in a loss of their recirculation pumps. The operators initiate a manual shutdown and take the system to a safe state. A subsequent U.S. Nuclear Regulatory Commission (NRC) report identifies the root cause as excessive traffic on the plant’s computer network from an unidentified source. Resulting corrective action was implementation of a firewall to limit external connections and traffic to the process control network. This incident has not been designated a cyber security event.
While the Brown’s Ferry Nuclear Power Station event was not designated a cyber security event, congressional review and comments reviewing the story state that they have “…great concern about the cybersecurity posture of our nation’s nuclear power plants …” This concern transcends the nation’s nuclear power plants to encompass U.S. critical infrastructure and the cyber security of larger supervisory control and data acquisition (SCADA) systems as well as process control systems (PCS).
The nation’s critical infrastructure “… provide(s) the foundation for our national security , governance, economic vitality, and way of life,” says the National Strategy for the Physical Protection of Critical Infrastructure and Key Assets, 2004. For the greatest part this critical infrastructure relies on SCADA and PCSs as means to monitor and control essential processes.
This reliance on computer based systems in the context of changing international terrorist threats, hackers, and disgruntled current and former employees combines to raise the nation’s risk of cyber security threats. While the amount of SCADA and PCS cyber security literature drastically increased after Sept. 11, 2001, most firms still face significant challenges in developing, implementing, and maintaining a cyber security program. One key challenge is that a firm’s cyber security program is just one of many funding requests that senior management decision makers have to consider on a recurring basis. Selecting where and how to allocate limited financial resources is a constant management conundrum further complicated by the recent and rapidly growing number of SCADA system cyber threats.

Зображення

Part 2: Understanding cyber incidents and their severity can help you plot a strategy to prevent them.
http://e-ditionsbyfry.com/Olive/ODE/CTL ... w=document
Цитата:
Cyber security practitioners generally divide risks into two categories, each with its own threat level:
The risk to a simple, unprotected control system installation running a common, standard operating system connected directly to the Internet (see graphic); and
The risk to a higher security control system outfitted with multiple levels of protection (see graphic).
The first security risk view is one where a company is operating its SCADA system without firewalls or any other security protection while connected to the Internet. Such an unprotected SCADA system based on a common computer operating platform and connected to the Internet will likely be attacked within moments and fully immobilized within hours. Clearly, this category has the highest possible risk ranking and must be avoided under any circumstances.
That being the case, the second risk profile is more appropriate for an actual operating SCADA system. In this view, the relevant risk is associated with a specific targeted attack rather than a random cyber threat from the host of malicious software code roaming the Internet looking for unprotected systems.


Догори
 Профіль  
 
Відображати повідомлення за:  Сортувати за  
Створити нову тему Відповісти  [ 1 повідомлення ] 

Часовий пояс UTC + 2 годин [ DST ]



Хто зараз онлайн

Зараз переглядають цей форум: Немає зареєстрованих користувачів і 1 гість


Ви не можете створювати нові теми у цьому форумі
Ви не можете відповідати на теми у цьому форумі
Ви не можете редагувати ваші повідомлення у цьому форумі
Ви не можете видаляти ваші повідомлення у цьому форумі
Ви не можете додавати файли у цьому форумі

Знайти:
Вперед:  
cron
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
Вы можете бесплатно создать форум PHPBB2 на MyBB2.ru, Также возможно создать форум бесплатно PHPBB3 на Getbb.ru
Український переклад © 2005-2007 Українська підтримка phpBB